Monitor Local Security Event Logs
This PowerShell script monitors local security event logs and extracts information about failed logon attempts. It can be useful for system administrators to track potential security breaches.
Step 1: Get the current date and time to filter logs.
```powershell
$currentDate = Get-Date
```
Step 2: Define the time range for the logs to check, for example, the last 24 hours.
```powershell
$startTime = $currentDate.AddHours(-24)
```
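Step 3: Retrieve the security event logs related to failed logon attempts (event ID 4625). Reading the Security log requires an elevated session.
```powershell
# -LogName and -FilterHashtable belong to different parameter sets, so the log name goes inside the hashtable
$failedLogons = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625; StartTime=$startTime}
```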
Step 4: Select relevant information and format the output for better readability.
```powershell
# In event 4625, Properties[5] is TargetUserName and Properties[13] is WorkstationName
$failedLogonInfo = $failedLogons | Select-Object TimeCreated, @{Name='User';Expression={$_.Properties[5].Value}}, @{Name='Machine';Expression={$_.Properties[13].Value}}
```
Step 5: Output the results to the console.
```powershell
$failedLogonInfo | Format-Table -AutoSize
```
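The positional `Properties[n]` lookups in Step 4 depend on the field order of the event. As an added example (not part of the original script), the following reads the same 4625 fields by name from the event XML and counts failures per source address. The function names, the threshold of 3 and the sample events are constructed for illustration.

```powershell
# Added example, not part of the original script. Function names, the
# threshold and the sample events below are constructed for illustration.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $data = @{}
    # Index the <Data Name="..."> elements by name instead of by position
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated = $doc.Event.System.TimeCreated.SystemTime
        User        = $data['TargetUserName']
        Machine     = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
        LogonType   = $data['LogonType']
    }
}

function Get-FailedLogonSummary {
    param([object[]]$Logon, [int]$Threshold = 3)
    $Logon | Group-Object SourceIp | ForEach-Object {
        [pscustomobject]@{
            SourceIp      = $_.Name
            Failures      = $_.Count
            DistinctUsers = @($_.Group.User | Sort-Object -Unique).Count
            Flagged       = $_.Count -ge $Threshold
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample events using documentation-range addresses
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="{0}" /></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName">{2}</Data>
    <Data Name="IpAddress">{3}</Data>
  </EventData>
</Event>
'@
$sample = @(
    ($template -f '2024-01-01T10:00:00Z', 'alice', 'WS01', '192.0.2.10'),
    ($template -f '2024-01-01T10:00:05Z', 'bob',   'WS01', '192.0.2.10'),
    ($template -f '2024-01-01T10:00:09Z', 'carol', 'WS01', '192.0.2.10'),
    ($template -f '2024-01-01T11:30:00Z', 'alice', 'WS07', '198.51.100.4')
)
# On a live system, replace $sample with: $failedLogons | ForEach-Object { $_.ToXml() }
$logons = $sample | ForEach-Object { ConvertFrom-FailedLogonXml -Xml $_ }
Get-FailedLogonSummary -Logon $logons | Format-Table -AutoSize
```

Many failures from one source against several distinct users point to password spraying, while many failures against a single user point to guessing on that account.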